Microsoft Internet Explorer 11 Security Technical Implementation Guide
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Turn on SmartScreen Filter scan option for the Restricted Sites Zone must be enabled.
This policy setting controls whether SmartScreen Filter scans pages in this zone for malicious content. If you enable this policy setting, SmartScreen Filter scans pages in this zone for malicious ...Rule Medium Severity -
SRG-APP-000210
Group -
The Initialize and script ActiveX controls not marked as safe must be disallowed (Intranet Zone).
ActiveX controls that are not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not m...Rule Medium Severity -
SRG-APP-000210
Group -
SRG-APP-000141
Group -
Run once selection for running outdated ActiveX controls must be disabled.
This feature keeps ActiveX controls up to date and helps make them safer to use in Internet Explorer. Many ActiveX controls are not automatically updated as new versions are released. It is very im...Rule Medium Severity -
SRG-APP-000141
Group -
Enabling outdated ActiveX controls for Internet Explorer must be blocked.
This feature keeps ActiveX controls up to date and helps make them safer to use in Internet Explorer. Many ActiveX controls are not automatically updated as new versions are released. It is very im...Rule Medium Severity -
SRG-APP-000141
Group -
Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Internet Zone.
This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the Internet and Rest...Rule Medium Severity -
SRG-APP-000209
Group -
The Download signed ActiveX controls property must be disallowed (Restricted Sites zone).
ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted sites. Signed code is better than unsigned code in that it may be easier to determine ...Rule Medium Severity -
SRG-APP-000141
Group -
Use of the Tabular Data Control (TDC) ActiveX control must be disabled for the Restricted Sites Zone.
This policy setting determines whether users can run the Tabular Data Control (TDC) ActiveX control, based on security zone. By default, the TDC ActiveX Control is disabled in the Internet and Rest...Rule Medium Severity -
SRG-APP-000209
Group -
SRG-APP-000209
Group -
The Download unsigned ActiveX controls property must be disallowed (Restricted Sites zone).
Unsigned code is potentially harmful, especially when coming from an untrusted zone. ActiveX controls can contain potentially malicious code and must only be allowed to be downloaded from trusted s...Rule Medium Severity -
SRG-APP-000209
Group -
VBScript must not be allowed to run in Internet Explorer (Restricted Sites zone).
This policy setting allows the management of whether VBScript can be run on pages from the specified zone in Internet Explorer. By selecting "Enable" in the drop-down box, VBScript can run without ...Rule Medium Severity -
SRG-APP-000266
Group -
Internet Explorer Development Tools Must Be Disabled.
While the risk associated with browser development tools is more related to the proper design of a web application, a risk vector remains within the browser. The developer tools allow end users and...Rule Low Severity -
SRG-APP-000210
Group -
The Initialize and script ActiveX controls not marked as safe property must be disallowed (Restricted Sites zone).
ActiveX controls not marked safe for scripting should not be executed. Although this is not a complete security measure for a control to be marked safe for scripting, if a control is not marked saf...Rule Medium Severity -
SRG-APP-000516
Group -
ActiveX controls and plug-ins must be disallowed (Restricted Sites zone).
This policy setting allows you to manage whether ActiveX controls and plug-ins can be run on pages from the specified zone. ActiveX controls not marked as safe should not be executed. If you enable...Rule Medium Severity -
SRG-APP-000210
Group -
ActiveX controls marked safe for scripting must be disallowed (Restricted Sites zone).
This policy setting allows management of whether ActiveX controls marked safe for scripting can interact with a script. If you enable this policy setting, script interaction can occur automatically...Rule Medium Severity -
SRG-APP-000141
Group -
File downloads must be disallowed (Restricted Sites zone).
Sites located in the Restricted Sites Zone are more likely to contain malicious payloads and therefore downloads from this zone should be blocked. Files should not be able to be downloaded from sit...Rule Medium Severity -
SRG-APP-000141
Group -
SRG-APP-000039
Group -
Accessing data sources across domains must be disallowed (Restricted Sites zone).
The ability to access data zones across domains could cause the user to unknowingly access content hosted on an unauthorized server. This policy setting allows you to manage whether Internet Explor...Rule Medium Severity -
SRG-APP-000516
Group -
The Allow META REFRESH property must be disallowed (Restricted Sites zone).
It is possible that users will unknowingly be redirected to a site hosting malicious content. 'Allow META REFRESH' must have a level of protection based upon the site being browsed. This policy set...Rule Medium Severity -
SRG-APP-000141
Group -
Functionality to drag and drop or copy and paste files must be disallowed (Restricted Sites zone).
Content hosted on sites located in the Restricted Sites zone are more likely to contain malicious payloads and therefore this feature should be blocked for this zone. Drag and drop or copy and past...Rule Medium Severity -
SRG-APP-000141
Group -
Launching programs and files in IFRAME must be disallowed (Restricted Sites zone).
This policy setting allows you to manage whether applications may be run and files may be downloaded from an IFRAME reference in the HTML of the pages in this zone. Launching of programs in IFRAME ...Rule Medium Severity -
SRG-APP-000039
Group -
Navigating windows and frames across different domains must be disallowed (Restricted Sites zone).
Frames navigating across different domains are a security concern, because the user may think they are accessing pages on one site while they are actually accessing pages on another site. It is pos...Rule Medium Severity -
SRG-APP-000231
Group -
Userdata persistence must be disallowed (Restricted Sites zone).
Userdata persistence must have a level of protection based upon the site being accessed. This policy setting allows you to manage the preservation of information in the browser's history, in Favori...Rule Medium Severity -
SRG-APP-000141
Group -
SRG-APP-000141
Group -
SRG-APP-000219
Group -
SRG-APP-000089
Group -
SRG-APP-000141
Group -
SRG-APP-000516
Group -
SRG-APP-000516
Group -
Internet Explorer must be configured to use machine settings.
Users who change their Internet Explorer security settings could enable the execution of dangerous types of code from the Internet and websites listed in the Restricted Sites zone in the browser. T...Rule Medium Severity
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.